Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4614
Views
9
Helpful
7
Replies

Recommendations: Dual Core Switch for redundancy.

santiago.jem
Level 1
Level 1

‎09-17-2012 06:53 PM - edited ‎03-07-2019 08:55 AM

Hi Experts,

May I ask for your recommendations for this kind of setup. Best practices and other routing and switching stuff.

I have the following: 1 5520 ASA connected to the internet, 2 core switches, and several access switches.

Aside from implementing RSTP, VRRP, hard code access and trunk ports, is there any other recommendation you would like to add.

Inputs are very much welcome.

My network is as seen below:

Network Setup.JPG

Labels:
0 Helpful
7 Replies 7

juan-ruiz
Level 1
Level 1

‎09-17-2012 07:02 PM

How about OSPF between the CORE switches and the firewall and advertise the default route to them?

Have both CORE switches have a route via each link to the firewall and control the preferred path with OSPF cost.

Also add a trunk group ether-channel between the core switches too.

Reza Sharifi
Hall of Fame
Hall of Fame

‎09-17-2012 07:05 PM

Hi,

Assuming the core routers are doing the routing, you also need a link between the 2 core routers. Remember, the firewall in your design is a single point of failure.

HTH

santiago.jem
Level 1
Level 1
In response to Reza Sharifi

‎09-17-2012 07:14 PM

Reza and Juan,

Thanks for the input guys. Will take note of those.

How about the links between Access switches and core switches?

Planning to implement RSTP here and blocked VLAN design. Is there something better between Access-Core links?

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to santiago.jem

‎09-17-2012 07:22 PM

Hi,

RSTP or MST will work fine.  You have a couple of other options.  If your switches support it, instead of spanning tree you can run Flex Link (see below link)

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/flexlink.html

If your 6500 core switches are up to date with Sup-720-VS or Sup-2T, you could convert them to VSS.  This way you don't have to worry about STP. VRRP, HSRP, etc.. at all.

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps9336/prod_qas0900aecd806ed74b.html

HTH

0 Helpful

santiago.jem
Level 1
Level 1
In response to Reza Sharifi

‎09-17-2012 08:47 PM

Thanks Reza,

These are cool technologies, but I'm afraid the core switches that I have doesn't support VSS.

I may have to stick with the traditional L2/L3 campus network design and taking note of those you have pointed out already.

Regards,

Jemel

0 Helpful

juan-ruiz
Level 1
Level 1
In response to santiago.jem

‎09-18-2012 05:53 AM

Hi Jemel,

If you are sticking with a traditional approach then rapid spanning-tree protocol will work fine.

Make sure you designate the primary root bridge and the secondary on your core switches and configure the appropriate port roles and security controls in place from rouge stp switches taking over.

If these two cores are Cisco I would use HSRP for the layer 3 gateway redundancy and OSPF/EIGRP between the two cores and the firewall. What kind of CORE switches do you have?

With STP and HSRP configuration you can have certain vlans use Trunk-1 that leads to CORE-1 and Trunk-2 that leads to CORE-2 if you wanted to load balance the traffic.

santiago.jem
Level 1
Level 1
In response to juan-ruiz

‎09-18-2012 07:23 PM

Hi Juan,

Thanks for the input. I'm planning to do the traditional approach after all.

My core switches are non-cisco so I'll have to go with VRRP.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card